Permissions & Security (Chmod/Chown/ACLs/SELinux/AppArmor)
Hardening Directory Traversal with the Sticky Bit
đź§© The Challenge
In shared directories with world-writable permissions, any user can delete or rename files created by others even if they do not own them. This creates a security risk where unauthorized users can sabotage or remove important data belonging to other system accounts.
đź’ˇ The Fix
Apply the sticky bit to the directory to ensure that only the file owner, the directory owner, or the superuser can delete or rename files within that specific path.
chmod +t /path/to/shared/directory
⚙️ Why It Works
When the sticky bit (represented by the t character) is set on a directory, the Linux kernel restricts file deletion and renaming operations to only those who own the file or the directory itself. This is the standard mechanism used for system directories like /tmp to prevent users from interfering with each other’s temporary files.
🚀 Pro-Tip: You can also set the sticky bit numerically by prefixing your chmod command with a 1, such as chmod 1777 /shared/folder.
Linux Tips & Tricks | © ngelinux.com | 7/10/2026
